From a9ba0284ac35169cb9e8a1e9f6ac6c3433ca9dde Mon Sep 17 00:00:00 2001
From: Ryan <ryantl66@gmail.com>
Date: Thu, 16 Apr 2026 21:58:18 -0400
Subject: [PATCH] release(v3.11.2): phpseclib security dependency update

- deps(composer): upgrade phpseclib/phpseclib to 3.0.51 to pick up the latest upstream security fix
---
 CHANGELOG.md  | 20 ++++++++++++++++++++
 composer.json |  2 +-
 composer.lock | 14 +++++++-------
 3 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2a9c2c..7ade0a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,25 @@
 # Changelog
 
+## Changes 04/16/2026 (v3.11.2)
+
+`release(v3.11.2): phpseclib security dependency update`
+
+**Commit message**  
+
+```text
+release(v3.11.2): phpseclib security dependency update
+
+- deps(composer): upgrade phpseclib/phpseclib to 3.0.51 to pick up the latest upstream security fix
+```
+
+**Changed**  
+
+- **Dependency security maintenance**
+  - Updated `phpseclib/phpseclib` to `3.0.51` in Composer dependencies to pick up the current upstream security fix in the locked dependency set.
+  - This release addresses the upstream advisory covering variable-time HMAC comparison in `SSH2::get_binary_packet()`.
+
+---
+
 ## Changes 03/24/2026 (v3.11.1)
 
 `release(v3.11.1): shared-hosting worker fallback and deleted-user session invalidation (closes #110)`
diff --git a/composer.json b/composer.json
index f684439..c7e7dbe 100644
--- a/composer.json
+++ b/composer.json
@@ -4,7 +4,7 @@
   "type": "project",
   "require": {
     "jumbojett/openid-connect-php": "^1.0.0",
-    "phpseclib/phpseclib": "^3.0.50",
+    "phpseclib/phpseclib": "^3.0.51",
     "robthree/twofactorauth": "^3.0",
     "endroid/qr-code": "^5.0",
     "sabre/dav": "^4.4"
diff --git a/composer.lock b/composer.lock
index 9f8ec03..6d7a763 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "f2e452ab552a4346e42cced1abbe2898",
+    "content-hash": "afeacd5e905d3a06a1dc80499042229f",
     "packages": [
         {
             "name": "bacon/bacon-qr-code",
@@ -343,16 +343,16 @@
         },
         {
             "name": "phpseclib/phpseclib",
-            "version": "3.0.50",
+            "version": "3.0.51",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpseclib/phpseclib.git",
-                "reference": "aa6ad8321ed103dc3624fb600a25b66ebf78ec7b"
+                "reference": "d59c94077f9c9915abb51ddb52ce85188ece1748"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/aa6ad8321ed103dc3624fb600a25b66ebf78ec7b",
-                "reference": "aa6ad8321ed103dc3624fb600a25b66ebf78ec7b",
+                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/d59c94077f9c9915abb51ddb52ce85188ece1748",
+                "reference": "d59c94077f9c9915abb51ddb52ce85188ece1748",
                 "shasum": ""
             },
             "require": {
@@ -433,7 +433,7 @@
             ],
             "support": {
                 "issues": "https://github.com/phpseclib/phpseclib/issues",
-                "source": "https://github.com/phpseclib/phpseclib/tree/3.0.50"
+                "source": "https://github.com/phpseclib/phpseclib/tree/3.0.51"
             },
             "funding": [
                 {
@@ -449,7 +449,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-19T02:57:58+00:00"
+            "time": "2026-04-10T01:33:53+00:00"
         },
         {
             "name": "psr/log",